In recent months, we have written more than once about the Shiny Hunters hacker group, which, for example, took responsibility for compromising Microsoft's GitHub repositories, and also hacked Tokopedia (Indonesia's largest online store) and more than a dozen other companies. Among the recent "merits" of this hack group can be noted the publication of data on 7.5 million users of the financial and technical "unicorn", the Dave company.
This week journalists of the edition Bleeping computer noticed that Shiny Hunters are not going to stop there and continue to actively (and completely free of charge) "merge" data. So, since July 21, 2020, the group has published publicly information about 386 million users of 18 different companies, which were allegedly stolen as a result of hacks. Fortunately, password leaks did not occur in all cases.
The publication notes that usually stolen databases are first sold to other attackers, privately, and their cost can range from $ 500 (Zoosk) to $ 100,000 (Wattpad). Only after the stolen data is no longer profitable, cybercriminals publish it for free on hacker forums in order to increase their reputation.
Of the eighteen databases released by hackers over the past week and a half, nine have already surfaced in the past. The other nine databases were new, including those stolen from Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird and Vakinha. Below is the data on all dumps "leaked" by cybercriminals.
|Company||Number of users||Hacked date||Was the incident known|
|Appen.com||5.8 million||N / A||not|
|Chatbooks.com||15.8 million||March 26, 2020||Yes|
|Dave.com||7 million||July 2020 *||Yes|
|Drizly.com||2.4 million||July 2020 *||not|
|GGumim.co.kr||2.3 million||March 2020 *||Yes|
|Havenly.com||1.3 million||June 2020 *||not|
|Hurb.com||20 million||N / A||Yes|
|Indabamusic.com||475 thousand||N / A||not|
|Ivoy.mx||127 thousand||N / A||not|
|Mathway.com||25.8 million||January 2020 *||Yes|
|Proctoru.com||444 thousand||N / A||not|
|Promo.com||22 million||July 2020||Yes|
|Rewards1.com||3 million||July 2020 *||not|
|Scentbird.com||5.8 million||N / A||not|
|Swvl.com||4 million||N / A||Yes|
|TrueFire.com||602 thousand||N / A||Yes|
|Vakinha.com.br||4.8 million||N / A||not|
|Wattpad||270 million||June 2020 *||Yes|
|* Based on the statements of the attackers themselves|
The journalists contacted the hackers and asked what was the reason for the sudden free publication of so much data. They replied that many can benefit from these databases, and this was done for the common good.
“I just thought I’d made enough money at the moment, so I arranged a drain for the general benefit. Of course, now some people are upset because a few days ago they paid resellers (for the same information), but I don't care, "said a Shiny Hunters spokesman.
Bleeping Computer specialists tried to contact each of the allegedly affected companies, whose data were published by ShinyHunters, but the publication did not receive a response from any of them. Journalists note that the lack of answers in such a situation is a common occurrence, because companies, as a rule, confirm the fact of a data leak only a few weeks or months after the first information about the incident appears.
Users of the above companies are advised to change their passwords just in case.